OpenBSD Journal

More Mitigations for (potential) CPU Vulnerabilities

Contributed by rueda on from the cheap, fast, reliable: pick any tw^H^H - oh, crap! dept.

There have been more developments in the continuing work mitigating against (Intel®, and potentially other) CPU vulnerabilities…

Philip Guenther (guenther@) committed the following:

CVSROOT:	/cvs
Module name:	src
Changes by:	guenther@cvs.openbsd.org	2018/06/14 13:57:29

Modified files:
	sys/arch/amd64/include: frameasm.h 
	sys/arch/amd64/amd64: locore.S vector.S 

Log message:
Clear the GPRs when entering the kernel from userspace so that
user-controlled values can't take part in speculative execution in
the kernel down paths that end up "not taken" but that may cause
user-visible effects (cache, etc).

prodded by dragonflybsd commit 9474cbef7fcb61cd268019694d94db6a75af7dbe
ok deraadt@ kettenis@

(DragonFly BSD gained FPU protection, and enabled NX for PROT_READ by default, too.)

A message to tech@ from Theo de Raadt (deraadt@) included:

ps. Disable Intel Hyper-Threading where not needed, until we all know more.

(Comments are closed)


Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]